A stricter regime for profiling07 June 2016
New EU Data Protection Law in 2015? Decisiveness, Flexibility and Direction are the Answer
As we enter 2015, Latvia is in charge of closing many open areas. At this stage, we have very little by way of fully agreed positions amongst member states, but there is a fair amount of consensus on key issues like the responsibilities of controllers and processors and the risk-based approach. Other big topics remain undecided—like the controversial one-stop-shop provisions—or indeed entirely unaddressed, such as sanctions and special exemptions. Whilst the difficulty of getting 28 national governments to agree on a piece of legislation which is so politically charged and economically crucial should not be underestimated, the inability to move forward will only cripple Europe's role in this debate. Therefore, the time for decision-making within the Council is now (read within the next six months) or the whole process risks losing credibility and influence outside Europe.
Once a final agreement is reached within the Council, the most difficult part of the legislative process will commence. This is a three-way negotiation (known as 'trilogue') between the Council and the Parliament—as legislative bodies—and the European Commission, which will mediate between the other two and guide the final stages of the process. The Parliament has been patiently waiting and preparing to fight its corner with the Council for the best part of a year. With its elaborate and carefully thought out draft, the Parliament is expected to be very firm in its demands for strong rights and full control by individuals over their own data. Whilst commendable from a public policy perspective, the Parliament's line will need to survive the test of incessant technological development and data globalisation.
This means that a dose of flexibility in the political thinking of the Parliament will be essential. The fact that the previous work of the Parliament's LIBE committee was so efficiently handled by Jan Albrecht and his team should be a reason for optimism, but the temptation for tight geographical data protectionism will be strong and could damage the outcome. Here is where some clear direction by the European Commission will be critical. In doing so, the Commission must stay focused on the primary policy objectives of the law—harmonising and future-proofing a framework aimed at protecting the golden eggs of Europe's and the world's prosperity.
No doubt, this will require some creativity to devise solutions and approaches that may not provide the highest level of legal certainty at the outset, but that with the right guidance from policy makers and regulators will deliver the right balance between the protection of privacy and economic and societal progress. We must assume that all of this will take time even if concerted efforts are made by all involved. Agreeing on the final version of the new law before the end of 2015 is not impossible, but it will be very challenging as it will require that all factors affecting the process—decisiveness, flexibility and direction—fall into place in a seamless and uninterrupted way. That's what I call a New Year's resolution.
The above piece, written by Eduardo Ustaran, was posted to the International Association of Privacy Professionals’ (IAPP) Privacy Tracker on January 13, 2015. The post, New EU Data Protection Law in 2015? Decisiveness Flexibility and Direction Are the Answer, is reprinted in its entirety with permission from the IAPP.
The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data...06 June 2016
Grounds for processing03 June 2016